御剑后台扫描工具[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

御剑后台扫描工具.exe
Size

85KB
MD5

554af62de3bac61000377a403e742169
SHA1

6e14f21cac6e2aa7535e45d81e8d1f6913fd6e8b
SHA256

e53ca9c4e1671209bc6ea1f2d1181b87f234a698c217a7844482da4b3e686eb4
SHA512

1961fafc4217ee1b5f250c781ea617dc3964463de7dde44d6922acf246ff916b7aca435a999526114031df5c99428cc3b88de18a9561f9159e446f13ae81bfc0
SSDEEP

1536:ynkg6yaRp+5wfKfiYMf0SuYRz/e71vNSfS0uC:ynxCYyCfiYMf0SuYRzC0fP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
御剑后台扫描工具.exe

Files

御剑后台扫描工具.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ